3rd Party Risk Management is Broken: Critical Vendors Should be Exam-Ready.

Abstract: Kudos to the FFIEC agencies' efforts to bring more attention and effort to managing 3rd party risk. With so much focus on 3rd party risk, it has become a paramount issue. Therefore, it's time to explore what proactive steps the 3rd parties can take that are mutually beneficial to their business, bank clients, and consumers. Whether you are a financial institution or a 3rd party offering services to financial institution clients, this paper offers you an intuitive perspective on the steps that must be taken to improve the compliance and risk management partnership between institutions and 3rd parties.

Author: Paul R. Reymann, Partner, McGovern Smith Advisors

Contents

3rd Party Compliance is Paramount
The Cost of Doing Business with a Financial Institution
Trusted Partners are Exam-Ready
1st Priority - Establish Compliance Policies and Procedures
2nd Priority - Administer the Compliance Programs
  Consumer Compliance Program
  Information Security Program
  Vendor Risk Management Program
  Business Continuity Planning
3rd Priority - Compliance Oversight & Training
Next Steps

By: Paul Reymann, Partner, McGovern Smith Advisors, LLC.

Are 3rd parties doing enough? Not according to the enforcement actions, consent orders, fines, civil money penalties, and risk management mandates imposed on such companies and their financial institution clients.

3rd Party Compliance is Paramount

We are witnessing a renewed focus by bank regulators and examiners on vendor-related risks, including those that can directly affect consumers, and on the banks' and their vendor partners' ability to comply with consumer compliance, cybersecurity, incident response, and risk management and oversight mandates. This is coupled with an aggressive willingness to issue enforcement actions against banks for 3rd party service provider violations of consumer protections. The Consumer Financial Protection Bureau (CFPB) and Office of the Comptroller of the Currency (OCC) April 2014 consent order against Bank of America and the May 2013 Federal Deposit Insurance Corporation (FDIC) settlement against Achieve and First California Bank (FCB) are reminders. [1]

The regulatory focus from the Federal Financial Institutions Examination Council (FFIEC) agencies, along with the enforcement action history of the past 2 to 3 years, is a clear indication that 3rd parties working with regulated financial and non-financial institutions need to adopt a compliance and risk management culture that supports the up-stream institution's compliance and risk management culture.

Regulators are stepping up their focus on the risk management and oversight of non-financial 3rd parties working in the payments industry and providing critical activities. [2] They are requiring regulated institutions to subsequently step up their vendor risk management, anti-money laundering, consumer compliance, cybersecurity controls, cyber incident management, and performance monitoring of such critical 3rd parties. [3]

Kudos to the FFIEC agencies' efforts to bring more attention and effort to managing 3rd party risk. With so much focus on 3rd party risk, it has become a paramount issue. Therefore, it's time to explore what proactive steps the 3rd parties can take that are mutually beneficial to their business, bank clients, and consumers.

The Cost of Doing Business with a Financial Institution

In short, it is time to invert the traditional regulatory message of "Banks must manage their 3rd party risk" to "3rd parties must manage risk for their bank clients." As an example, let's look at the nature of the relationship that exists today between a typical sponsoring bank and an independent program manager for issuing prepaid cards.

[1] The CFPB, in cooperation with the OCC, issued a consent order against Bank of America and its credit card subsidiary - FIA Card Services - to pay an estimated total of $727 million for alleged UDAAP violations related to credit card add-on products in connection with identity protection and debt cancellation services. The FDIC determined that Achieve and FCB engaged in unfair and deceptive practices in violation of Section 5 in the marketing and servicing of the AchieveCard, a prepaid, reloadable MasterCard. Each entity agreed to provide restitution of approximately $1.1 million to over 64,000 prepaid cardholders. In addition, the FDIC has assessed civil money penalties of $600,000 against FCB and $110,000 against Achieve.

[2] Critical activities are significant bank functions (e.g., payments, clearing, settlements, custody) or significant shared services (e.g., information technology), or other activities that: could cause a bank to face significant risk if the third party fails to meet expectations; could have significant customer impacts; require significant investment in resources to implement the third-party relationship and manage the risk; or could have a major impact on bank operations if the bank has to find an alternate third party or if the outsourced activity has to be brought in-house.

[3] Example references include: OCC Bulletin Third-Party Relationships: Risk Management Guidance; FDIC FIL Payment Processor Relationships; and FRB SR Guidance on Managing Outsourcing Risk.

Copyright McGovern Smith Advisors, LLC. pg. 1 of 8

Many banks will sponsor an independent program manager that operates as a channel partner to help grow the bank's sale of cards through merchants and ultimately the consumer. In such relationships, the bank sponsorship provides access for the independent program manager to the payment network. Subsequently, the program manager will administer and manage the card program for the bank in accordance with specific bank requirements. Both parties, along with the company that processes the payment, split the fees paid by the consumer and the merchant.

In general, the sponsoring bank receives a small slice of these economics in such relationships. However, it is burdened with the mandate and cost to ensure the vendor complies with all the necessary legal and regulatory requirements and that the consumer is protected. Historically, sponsoring banks hold the program manager liable for meeting the bank's requirements, including all risk and compliance matters.

Unfortunately, we see from the history of enforcement actions and consent orders that imposing liability on the 3rd party in the contract agreement has not enabled the bank to avoid compliance costs. When the regulators find fault with the activities of 3rd parties working with the bank, both parties have been required to pay fines or penalties.

So what is the solution?

Trusted Partners are Exam-Ready

Third parties that strive to operate as an extension of the bank's examination-ready state will mitigate the risk of experiencing issues with their bank partners (and their bank's regulators), while also mitigating their own business risks. Such companies will be considered trusted partners by defining and implementing compliance and risk management programs that echo those of their bank clients.

Working with financial institutions and their partners in the payments industry, McGovern Smith Advisors has defined a comprehensive road map to help clients establish a successful compliance and risk culture to validate 3rd party vendors as a trusted partner to banks and in the eyes of the regulators. This road map contains multiple elements that are needed to enable 3rd parties to achieve a trusted partner exam-ready state, proactively addressing the needs of their institution clients. These include implementing, self-policing, and validating the effectiveness of their individual company efforts to preemptively meet the client's and regulators' expectations.

Self-policing, which can also be described as self-monitoring or self-auditing, reflects a proactive commitment by a 3rd party company to use resources for the prevention and early detection of potential violations of laws and regulations. [4]

The CFPB and other FFIEC agencies expect financial institutions and their critical vendors to have a robust compliance management system appropriate for the size and complexity of a party's business. While this will not always prevent risk events or compliance violations, it will often facilitate early detection of potential problems and violations, which can limit the size and scope of harm or enforcement action.

Questions that the regulators will consider in determining whether to provide favorable consideration for self-policing activity that detects problems, violations, or potential violations include:

1. What compliance procedures or self-policing mechanisms were in place to prevent, identify, or limit the conduct that occurred and to preserve relevant information? In what ways, if any, were the party's self-policing mechanisms particularly noteworthy and effective?
2. How do the party's self-policing functions measure up to customary supervisory expectations?
3. If the party is a business entity, what was the tone at the top of the business about compliance? Was there a culture of compliance? How high up in the chain of command did people know of or participate in the conduct at issue? Did senior personnel participate in, or turn a blind eye toward, obvious indicia of misconduct or deficiencies in compliance procedures?

[4] See CFPB Bulletin, Responsible Business Conduct: Self-Policing, Self-Reporting, Remediation, and Cooperation (June 25, 2013).

All companies that want to work with financial institutions and provide or support a critical activity must define and implement a transparent compliance and risk management culture. They must maintain a strategy to address the numerous risk management controls, regulatory mandates and updates, and enforcement actions that are frequently issued by the regulators.

Whether you are just starting to think about how to establish policies and procedures or define a prudent compliance program, exploring options for enhancing your existing programs, or planning to validate the effectiveness of your programs, there is a lot to consider to be successful and do it right. In general:

1. The first priority is to establish clear policies and procedures that inform management and staff regarding their individual duties and responsibilities.
2. The second priority is to implement a prudent compliance program that addresses consumer compliance, information security, vendor management, and business continuity planning.
3. The third priority is to develop and execute a compliance management and training program to ensure all staff have adopted the culture of compliance and risk management defined in the policies and procedures and implemented in the various compliance and risk management programs.

1st Priority - Establish Compliance Policies and Procedures

Based on FFIEC regulations, guidance, and industry best practices, MSA has identified 34 specific policies and subsequent procedures that should be implemented by any 3rd party that strives to become an exam-ready trusted partner in the payments industry. MSA works with 3rd parties and institutions to build upon existing control documentation to create and maintain the 34 compliance policies and procedures listed in Chart 1. MSA highly recommends standardizing the process and format for all policies and procedures to establish an effective baseline that facilitates growth and efficient, cost-effective audit and maintenance efforts.

The payments industry compliance policies and procedures are categorized into 34 topics: 17 consumer compliance topics and 17 information technology topics that are applicable to payments activities.

Chart 1: Compliance Policies & Procedures Related to the Payments Industry

Consumer Compliance

1. Fair Credit Reporting Act (including FACT Act provisions)
2. Prohibited Consumer Credit Practices Rules
3. Electronic Fund Transfers Act/Regulation E
4. Advertising
5. Right to Financial Privacy Act
6. Consumer Privacy Regulations (Gramm-Leach-Bliley Act)
7. Debt Collection Practices Act (FDCPA)
8. Do-Not-Call/Do-Not Fax
9. Unfair Deceptive Acts or Practices (UDAP)/Regulation AA
10. Unfair Deceptive or Abusive Acts or Practices (UDAAP)
11. Unlawful Internet Gambling Act/Regulation GG
12. Bank Secrecy Act, including Anti-Money Laundering ("AML")
13. Customer Identification Program
14. USA Patriot Act
15. Office of Foreign Assets Control ("OFAC")
16. FACT Act (Red Flags Rules)
17. Consumer Complaint Tracking & Monitoring

Information Technology

1. IT-Access Controls
2. IT-Authentication
3. IT-Network, Application, & System Access
4. IT-Remote Access
5. IT-Physical Security
6. IT-Encryption
7. IT-Malicious Code
8. IT-Change Management - Administration
9. IT-Change Management - Development / Testing
10. IT-Change Management - Migration (Segregation of Duties)
11. IT-Patch Management
12. IT-Personnel Security
13. IT-Data Security
14. IT-Service Provider Oversight (Vendor)
15. IT-Business Continuity Considerations
16. IT-Security Monitoring
17. IT-Backup and Recovery

Once this initial priority of publishing a board or senior management approved library of compliance policies and procedures is successfully completed, 3rd party service providers will be in a prudent position to initiate the required work to implement the remaining compliance and risk management program elements. This approach helps each company to cost-effectively begin by defining the baseline foundational descriptions of its compliance and risk management practices.

2nd Priority - Administer the Compliance Programs

Implementing and administering a comprehensive compliance program requires all critical 3rd parties to focus on the numerous legal and regulatory compliance mandates. In a recent review of such mandates, MSA identified 121 regulatory publications, as shown in Chart 2, that are associated with the requirements for 3rd party vendors to address:

- Consumer compliance
- Information security
- Vendor risk management (i.e., primary contractor and subcontractors)
- Business continuity planning and incident response

All 3rd parties and their partner bank(s) involved with payments should have a validated compliance program. In short, the regulators want bankers to be accountable and take responsibility for knowing and managing vendors as if they were an extension of the bank's staff. They are also increasingly expecting the banks' vendor partner to adopt a compliance and risk management culture to show it understands the regulatory mandates of the bank and it is willing and able to validate it is an exam-ready partner.

Consumer Compliance Program

The consumer compliance program should include a review and testing of numerous compliance areas. For example, for prepaid cards the program should address:

- Advertising
- Bank Secrecy Act, including Anti-Money Laundering ("AML")
- Consumer Complaints Tracking and Management
- Consumer Privacy Regulations (Gramm-Leach-Bliley Act)
- Customer Identification Program
- Debt Collection Practices Act (FDCPA)
- Do-Not-Call/Do-Not Fax
- Electronic Fund Transfers Act/Regulation E
- FACT Act (Red Flags Rules)
- Fair Credit Reporting Act (including FACT Act provisions)
- Information Security (Gramm-Leach-Bliley Act)
- Office of Foreign Assets Control ("OFAC")
- Prohibited Consumer Credit Practices Rules
- Right to Financial Privacy Act
- Unfair Deceptive Acts or Practices (UDAP)/Regulation AA
- Unfair Deceptive or Abusive Acts or Practices (UDAAP)
- Unlawful Internet Gambling Act/Regulation GG
- USA Patriot Act

Chart 2

CFPB (3)
- Bulletin Regarding Marketing of Credit Card Add-on Products
- Final Policy Statement - Publication of Credit Card Complaint Data
- Bulletin Responsible Business Conduct: Self-Policing, Self-Reporting, Remediation, and Cooperation

FFIEC (3)
- IT Booklet on Outsourcing Technology Services
- IT Booklet on Supervision of Technology Service Providers
- Social Media: Consumer Compliance Risk Management Guidance

OCC (60)
- Bulletin Use and Review of Independent Consultants in Enforcement Actions
- Bulletin Third-Party Relationships: Risk Management Guidance (Appendix B refers to 57 other publications)
- Bulletin: Risk Management Guidance and Sound Practices

FDIC (30)
- FIL Payment Processor Relationships (Refers to 6 other publications)
- FIL Social Media: Consumer Compliance Risk Management Guidance (Refers to 22 other publications)

FRB (6)
- SR 13-19, 12/5/13 Guidance on Managing Outsourcing Risk (Refers to 4 other publications)
- Outlook Live Webinar (5/2/12) Vendor Risk Management Compliance Considerations

NCUA (18)
- LTR No. 13-CU15 Private Student Loans (Direct & Indirect)
- LTR No. 13-CU13 Changes to NCUA Regulations Related to Credit Union Service Organizations (CUSOs)
- LTR No. 10-CU26 Evaluating Payment System Service Providers (with a check list)
- LTR No. 10-CU15 Indirect lending & Appropriate Due Diligence
- LTR No. 08-CU19 Third-Party Relationships: Mortgage Brokers and Correspondents
- LTR No. 08-CU09 Evaluating Third Party Relationships Questionnaire
- LTR No. 07-CU13 Evaluating Third Party Relationships (Refers to 11 prior publications)

BITS (1)
- Share Assessments, a.k.a., SIG Lite

Information Security Program

Security is also paramount. All organizations should implement physical, administrative, and technological safeguards to protect the confidentiality and integrity of confidential data, networks, and facilities from known and unknown threats. Working together, financial institutions and their trusted partners can do a better job of preventing cyberattacks from happening.

In a July 17, 2014 interview on CNBC Squawkbox, Wells Fargo CEO John Stumpf noted that third parties are a big area of risk. Wells Fargo does business with third parties that have access to the system and the people they know, e.g., customers. He also noted that bad people get in through third party access, which makes this a big school of thought and discussion at Wells Fargo these days. Clearly, the prudent management of third party vendor risk is an important initiative for Wells Fargo, as with all financial institutions.

In accordance with the Gramm-Leach-Bliley security rule and other recognized information security best practice, a prudent, compliant, and effective information security program will include:

- Involvement of the board and senior management
- A risk assessment of threats and vulnerabilities
- Effective risk management and controls
- Training
- Testing
- Vendor oversight
- Monitoring and adjustment based on changes that affect the security program
- Board reporting of material cyber-security information

Vendor Risk Management Program

A risk-based vendor management program is a top concern among many financial institutions as well as various regulators. All of us are challenged to think more broadly about the risks and complexity of outsourcing. We now need to think about how to become more aware and efficient in identifying, managing, and mitigating risk at the bank, vendor, and consumer level. Specific to the payments industry, we see six primary sleeper risk categories that capture many of today's challenges for fraud, outsourcing complexity, enforcement actions, technology, and new product innovation, as displayed in Chart 3.

Each organization should implement the necessary controls and practices to ensure:

- It is performing adequate due diligence and managing its individual vendors and the associated risk to the organization and its partners and its network and customer data.
- It has mutual key performance and key risk indicators defined and included in contracts with all critical vendors.
- It is identifying issues and creating a framework to track, manage, resolve, and report to Executive Management on open issues, as appropriate.

[Chart 3]

Business Continuity Planning

Done properly, business continuity planning (BCP) will:

- enable you to rapidly recover from a disruption or disaster;
- keep your organization in compliance with relevant standards; and
- be a sustainable program that improves over time.

Each organization should develop and implement a business continuity program that:

1. Establishes BCP governance (i.e., policies, standards, program review, and maintenance).
2. Establishes an organizational structure capable of managing enterprise-wide crisis, IT disaster recovery, and department level tactical continuity of business operations.
3. Performs risk assessments of key facilities.
4. Performs business impact analysis (BIA) that defines priorities, recovery timeframes, and recovery resource requirements - aligning incident response and disaster recovery with operational requirements.
5. Establishes operational recovery procedures.
6. Establishes pandemic preparedness.
7. Identifies information technology and other operational disaster recovery needs, capabilities, and procedures.

3rd Priority - Compliance Oversight & Training

The financial services industry is a significant element of our critical infrastructure. Therefore, any 3rd party that partners with a financial institution must ensure its staff understand the importance of their actions in supporting institution clients.

Therefore, once the compliance policies, procedures, and program elements are developed, all staff must be trained on their duties and responsibilities. They should receive annual training on the legal and regulatory mandates outlined throughout this paper that are associated with their individual day-to-day activities. They should also receive regular training on the policies, procedures, and other compliance and risk management controls.

Each organization should also ensure proactive oversight of its ability to maintain its compliance and risk management culture by performing:

- Quarterly board and audit committee meetings.
- Internal and external validation of the effectiveness of its policies, procedures, programs, controls, and training.

Next Steps

The increasing volume and complexity of 3rd party risk management regulatory mandates is causing all financial institutions to evaluate and update their traditional vendor risk management programs. It is also creating a new field of engagement for 3rd parties that want to be competitive in offering products and services to institutions.

Whether you are a financial institution that wants to ensure its vendor program is successfully addressing the regulatory risk and compliance mandates or a 3rd party that wants to establish a competitive edge and become exam-ready as a trusted partner, this paper offers you an intuitive perspective on the steps that must be taken to improve the compliance and risk management partnership between institutions and 3rd parties.

If you would like to talk in greater detail about how McGovern Smith Advisors can help jump start or supplement your efforts, call us at

About the Author

Paul Reymann is a Partner with McGovern Smith Advisors, LLC. He has over 28 years in compliance and risk management, including 13 years with the Department of Treasury. He co-authored the Gramm-Leach-Bliley Act Data Protection regulation. He is the visionary behind outsourced managed compliance products and services to make it easier for businesses to meet today's tsunami of regulatory challenges. You can reach Paul by at or call him directly at

About McGovern Smith Advisors, LLC.

McGovern Smith Advisors understands our clients' needs and delivers the knowledge and services that empower them to advance their payments business and remain competitive, compliant, and profitable. Our clients tell us we are unique in our depth of payments expertise. We bring forward-thinking advice and services on strategy, product development, profitability, compliance, RFPs & contracts, partnership formation, 3rd party vendor risk management, M&A, advocacy, and consumer campaigns to each client engagement. Visit for more information about how we can help you succeed.

Vendor Management: An Enterprise-wide Focus. Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd.

Vendor Management: An Enterprise-wide Focus. Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd. Vendor Management: An Enterprise-wide Focus Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd. Why Focus on Vendor Management Increased financial regulatory scrutiny GLBA and Identity Theft Red

More information

Any business relationship between a bank and another entity, by contract or otherwise

Any business relationship between a bank and another entity, by contract or otherwise An Overview for Bank Directors Managing the Third Party Relationship Patrick Neuman Boardman & Clark LLP Madison, Wisconsin Any business relationship between a bank and another entity, by contract or otherwise

More information

Supporting Effective Compliance Programs

Supporting Effective Compliance Programs October 2015 Supporting Effective Compliance Programs The Oversight Roles of the Board Audit and Risk Committees in Regulatory Compliance By Paul Osborne, CPA, CAMS, AMLP, and Peggy Sepp, CIA To be effective,

More information

Assessment and Compliance with Federal Financial Institutions Examination Council (FFIEC) Requirements

Assessment and Compliance with Federal Financial Institutions Examination Council (FFIEC) Requirements isl Assessment and Compliance with Federal Financial Institutions Examination Council (FFIEC) Requirements DataGuardZ White Paper Forti5 BNP Paribas [Pick the date] What is the history behind FFIEC compliance?

More information

REGULATORY COMPLIANCE SERVICES for Financial Institutions

REGULATORY COMPLIANCE SERVICES for Financial Institutions REGULATORY COMPLIANCE SERVICES for Financial Institutions TRUPOINT PARTNERS Regulatory Compliance Services for Financial Institutions THIS IS SMART COMPLIANCE. TRUPOINT PARTNERS PROVIDES COMPLIANCE SOLUTIONS

More information

Understanding the Fundamentals of Credit Union Third-Party Vendor Due Diligence

Understanding the Fundamentals of Credit Union Third-Party Vendor Due Diligence Understanding the Fundamentals of Credit Union Third-Party Vendor Due Diligence November 20, 2014 2 p.m. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. Sponsored by Affinion Benefits Group E. Andrew Keeney,

More information

To: Our Clients and Friends March 25, 2014

To: Our Clients and Friends March 25, 2014 Financial Services Group To: Our Clients and Friends March 25, 2014 A Significant Change Is Occurring Regarding Regulatory Oversight of Banks and Their Third Party Relationships. Both Banks and their Vendors

More information

Putting the Management Back in Vendor Management February 20, 2014

Putting the Management Back in Vendor Management February 20, 2014 Putting the Management Back in Vendor Management February 20, 2014 Moderator: Brian O Reilly The Collingwood Group, LLC Panelists: Calvin Hagins, CFPB Ken Markison, MBA Jonathan McKernan, Wilmer Hale Dan

More information

2014 Financial Services Industry Compliance Benchmark Study

2014 Financial Services Industry Compliance Benchmark Study 2014 Financial Services Industry Compliance Benchmark Study Presented By: and Executive Summary Beginning in early December 2013, SAI Global Compliance conducted a survey among compliance professionals

More information

Vendor Risk Management in the New Regulatory Environment. kpmg.com

Vendor Risk Management in the New Regulatory Environment. kpmg.com Vendor Risk Management in the New Regulatory Environment kpmg.com Vendor Risk Management in the New Regulatory Environment 2 Vendor Risk Management in the New Regulatory Environment Background Regulators

More information

FinTech Webinar Series: Vendor Management Principles

FinTech Webinar Series: Vendor Management Principles FinTech Webinar Series: Vendor Management Principles Evolving Best Practices of Bank Service Providers February 14, 2013 Speakers Russell Bruemmer Partner Eric Mogilnicki Partner Jeffrey Hydrick Special

More information

GUIDANCE FOR MANAGING THIRD-PARTY RISK

GUIDANCE FOR MANAGING THIRD-PARTY RISK GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,

More information

Payment Systems: Regulatory Interest in Payment Processors, Faster Payments, and Related Consumer Protections

Payment Systems: Regulatory Interest in Payment Processors, Faster Payments, and Related Consumer Protections July 2015 RPL15-04 Payment Systems: Regulatory Interest in Payment Processors, Faster Payments, and Related Consumer Protections Executive Summary The expansion of the Internet and the growth in electronic

More information

Community Banking. Regulators raise the bar on outsourcing relationships. A D V I S O R Fall 2014

Community Banking. Regulators raise the bar on outsourcing relationships. A D V I S O R Fall 2014 Community Banking A D V I S O R Fall 2014 SWOT analysis is solid armor for lenders Uncover risks among your business loan customers 5 tips for a successful succession plan Bank Wire Regulators raise the

More information

TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY. Before the

TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY. Before the For Release Upon Delivery 10:00 a.m., December 10, 2014 TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY Before the COMMITTEE ON BANKING, HOUSING,

More information

Anti-Money Laundering Policy Manual Table of Contents [Sample Client] Table of Contents

Anti-Money Laundering Policy Manual Table of Contents [Sample Client] Table of Contents Table of Contents [ Client] Table of Contents TABLE OF CONTENTS... 1 CHAPTER 1 INTRODUCTION... 3 1.1 GOALS AND OBJECTIVES... 3 1.2 REQUIRED REVIEW... 3 1.3 APPLICABILITY... 3 1.4 MONEY LAUNDERING DEFINED...

More information

Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks.

Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks. Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks. For anyone familiar with the banking industry, it comes as no surprise that banks are

More information

CFPB Consumer Laws and Regulations

CFPB Consumer Laws and Regulations General Principles and Introduction Supervised entities within the scope of CFPB s supervision and enforcement authority include both depository institutions and non-depository consumer financial services

More information

REGULATORY COMPLIANCE SERVICES

REGULATORY COMPLIANCE SERVICES REGULATORY COMPLIANCE SERVICES COMPREHENSIVE, TAILORED SERVICES Proactive Regulatory Guidance Today s complex regulatory environment is presenting many diffi cult challenges to fi nancial institutions

More information

Unfair, Deceptive or Abusive Acts or Practices Act (UDAAP)..It May Not Be What You Think

Unfair, Deceptive or Abusive Acts or Practices Act (UDAAP)..It May Not Be What You Think Unfair, Deceptive or Abusive Acts or Practices Act (UDAAP)..It May Not Be What You Think November 15, 2012 Mary Thorson VP, Chartwell Compliance/ICBA CRM I. UDAAP Overview Background II. UDAAP An emerging

The CFPB focuses on mobile phone carrier payment processing If you think you are not a Financial Services Company You may want to think again

The CFPB focuses on mobile phone carrier payment processing If you think you are not a Financial Services Company You may want to think again www.pwc.com/consumerfinance www.pwcregulatory.com The CFPB focuses on mobile phone carrier payment processing If you think you are not a Financial Services Company You may want to think again January 2015

Information Technology

Information Technology Information Technology Information Technology Session Structure Board of director actions Significant and emerging IT risks Practical questions Resources Compensating Controls at the Directorate Level

UNFAIR, DECEPTIVE, OR ABUSIVE ACTS OR PRACTICES (UDAAP)

UNFAIR, DECEPTIVE, OR ABUSIVE ACTS OR PRACTICES (UDAAP) UNFAIR, DECEPTIVE, OR ABUSIVE ACTS OR PRACTICES (UDAAP) EXAMINATION PROCEDURES Examination Objectives To assess the quality of the credit union's compliance risk management systems, including internal

Who's Your Vendor? Secondary Market Compliance and Title Agent Vendor Management

Who's Your Vendor? Secondary Market Compliance and Title Agent Vendor Management Who's Your Vendor? Secondary Market Compliance and Title Agent Vendor Management 2015 LBA Bank Counsel Conference Marx Sterbcow, Managing Attorney, Sterbcow Law Group The Bureau's Scrutiny of Vendor Management

Risk Management of Remote Deposit Capture

Risk Management of Remote Deposit Capture Federal Financial Institutions Examination Council 3501 FAIRFAX DRIVE ROOM 3086 ARLINGTON, VA 22226-3550 (703) 516-5487 http://www.ffiec.gov Background and Purpose Risk Management of Remote Deposit Capture

Vendor Management Compliance Top 10 Things Regulators Expect

Vendor Management Compliance Top 10 Things Regulators Expect Vendor Management Compliance Top 10 Things Regulators Expect Paul M. Phillips, CFA Attorney, Adams and Reese Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay 2014 EastPay.

Payment Processor Relationships Revised Guidance

Payment Processor Relationships Revised Guidance Federal Deposit Insurance Corporation 550 17th Street NW, Washington, D.C. 20429-9990 Payment Processor Relationships Revised Guidance Financial Institution Letter FIL-3-2012 January 31, 2012 Summary:

REGULATORY COMPLIANCE. Dynamic Solutions. Superior Results.

REGULATORY COMPLIANCE. Dynamic Solutions. Superior Results. REGULATORY COMPLIANCE Dynamic Solutions. Superior Results. STREAMLINE, STRENGTHEN AND SIMPLIFY YOUR COMPLIANCE EFFORTS CSI S AUTOMATED, DYNAMIC SOLUTIONS MITIGATE RISK, DECREASE COSTS AND IMPROVE COMPLIANCE

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,

Ed McMurray, CISA, CISSP, CTGA CoNetrix

Ed McMurray, CISA, CISSP, CTGA CoNetrix Ed McMurray, CISA, CISSP, CTGA CoNetrix AGENDA Introduction Cybersecurity Recent News Regulatory Statements NIST Cybersecurity Framework FFIEC Cybersecurity Assessment Questions Information Security Stats

Vendor Compliance Management Series: Performing an Effective Risk Assessment

Vendor Compliance Management Series: Performing an Effective Risk Assessment Vendor Compliance Management Series: Performing an Effective Risk Assessment Legal Disclaimer This information is not intended to be legal advice and may not be used as legal advice. Legal advice must

Regulatory Practice Letter February 2014 RPL 14-05

Regulatory Practice Letter February 2014 RPL 14-05 Regulatory Practice Letter February 2014 RPL 14-05 CFPB Nonbank Supervision of International Money Transfer Providers Proposed Rule Executive Summary The Consumer Financial Protection Bureau (CFPB or Bureau)

Vendor Management. Outsourcing Technology Services

Vendor Management. Outsourcing Technology Services Vendor Management Outsourcing Technology Services Objectives Board and Senior Management Responsibilities Risk Management Program Risk Assessment Service Provider Selection Contracts Ongoing Monitoring

Reverse Due Diligence A New Trend In Financial M&A

Reverse Due Diligence A New Trend In Financial M&A Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Reverse Due Diligence A New Trend In Financial M&A

Third-Party Risk Management: Busting Myths and Telling Truths

Third-Party Risk Management: Busting Myths and Telling Truths Third-Party Risk Management: Busting Myths and Telling Truths Richik Sarkar, Esq. McDonald Hopkins LLC 600 Superior Avenue, East, Suite 2100 Cleveland, OH 44114 (216) 430-2009 rsarkar@mcdonaldhopkins.com

Compliance training simplified

Compliance training simplified Compliance training simplified COURSE Listing 2015 LENDING LAWS AND REGULATIONS Regulation B 20026C Reg B: An Overview 20027C Reg B: Nine Prohibited Discrimination Factors 20028C Reg B: Prescreening, Cosigners,

REGULATORY COMPLIANCE REGULATORY COMPLIANCE SERVICES. Dynamic Solutions. Superior Results.

REGULATORY COMPLIANCE REGULATORY COMPLIANCE SERVICES. Dynamic Solutions. Superior Results. REGULATORY COMPLIANCE REGULATORY COMPLIANCE SERVICES Dynamic Solutions. Superior Results. PERSONALIZED HELP THAT RELIEVES THE BURDEN OF MANAGING COMPLIANCE The burden of managing risk and compliance is

Navigating Vendor Management Issues in Today's Regulatory Environment

Navigating Vendor Management Issues in Today's Regulatory Environment Navigating Vendor Management Issues in Today's Regulatory Environment May 6, 2015 Elizabeth E. McGinn, Partner Moorari K. Shah, Counsel 1 Disclaimer The information contained herein is for informational

White Paper on Financial Institution Vendor Management

White Paper on Financial Institution Vendor Management White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety

What Lead Generators Need to Know About the Consumer Financial Protection Bureau (CFPB)

What Lead Generators Need to Know About the Consumer Financial Protection Bureau (CFPB) What Lead Generators Need to Know About the Consumer Financial Protection Bureau (CFPB) LeadsCon March 18, 2013 Mirage Hotel & Casino, Las Vegas, NV Jonathan L. Pompan Venable LLP 1 Agenda for Today What

P&G Banking A D V I S O R Fall 2014

P&G Banking A D V I S O R Fall 2014 P&G Banking A D V I S O R Fall 2014 SWOT analysis is solid armor for lenders Uncover risks among your business loan customers 5 tips for a successful succession plan Bank Wire Regulators raise the bar

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,

Cybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015

Cybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015 Cybersecurity Best Practices in Mortgage Banking Article by Jim Deitch Cybersecurity Best Practices in Mortgage Banking BY JIM DEITCH Jim Deitch Recent high-profile cyberattacks have clearly demonstrated

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed

Managing specialty finance compliance requirements with a compliance management system

Managing specialty finance compliance requirements with a compliance management system Managing specialty finance compliance requirements with a compliance management system Prepared by: Andrew Amrine, Supervisor, RSM US LLP andrew.amrine@rsmus.com, +1 253 382 2239 September 2013 For over

Risk Management of Outsourced Technology Services. November 28, 2000

Risk Management of Outsourced Technology Services. November 28, 2000 Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the

Table of Contents... 1. Chapter 1 Introduction... 5. 1.1 Goals & Objectives... 5 1.2 Required Review... 5 1.3 Applicability...

Table of Contents... 1. Chapter 1 Introduction... 5. 1.1 Goals & Objectives... 5 1.2 Required Review... 5 1.3 Applicability... ... 1 Chapter 1 Introduction... 5 1.1 Goals & Objectives... 5 1.2 Required Review... 5 1.3 Applicability... 5 Chapter 2 Company Culture... 6 Chapter 3 Risk Management Governance... 7 3.1 Board of Directors...

Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Submitted via email: cyberframework@nist.gov April 8, 2013 Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Re: Developing a Framework

FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C.

FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C. FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C. In the Matter of THE BANCORP BANK WILMINGTON, DELAWARE (INSURED STATE NONMEMBER BANK) CONSENT ORDER AND ORDER TO PAY CIVIL MONEY PENALTY FDIC-11-698b

Appendix J: Strengthening the Resilience of Outsourced Technology Services

Appendix J: Strengthening the Resilience of Outsourced Technology Services Appendix J: Strengthening the Resilience of Outsourced Technology Services Background and Purpose Many financial institutions depend on third-party service providers to perform or support critical operations.

Third Party Payment Processors Job Aid

Third Party Payment Processors Job Aid Third Party Payment Processors Job Aid This job aid is to be used by state institution examiners as a means to understand, identify, and assess the risks associated with institutions relationships with

FACTA Identity Theft Red Flags Program. www.chs.acfei.com

FACTA Identity Theft Red Flags Program. www.chs.acfei.com 1 FACTA Identity Theft Red Flags Program Module 1 Fair and Accurate Credit Transactions Act Overview Identity thieves use individual's personal identifiable information to open new accounts and misuse

Minimizing Legal and Compliance Risk for Credit Furnishers

Minimizing Legal and Compliance Risk for Credit Furnishers Minimizing Legal and Compliance Risk for Credit Furnishers Wednesday, November 18, 2015 2:00 p.m. 3:00 p.m. EST Webinar Speakers Jonathan L. Pompan, Esq., Partner and Co-Chair Consumer Financial Protection

FINANCIAL SERVICES FLASH REPORT

FINANCIAL SERVICES FLASH REPORT FINANCIAL SERVICES FLASH REPORT OCC Updates Guidance on Third-Party Relationships December 2, 2013 Introduction On November 4, 2013, the Office of the Comptroller of the Currency (OCC) released Bulletin

Outsourced Third Party Relationship Management/ Vendor Management. TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP

Outsourced Third Party Relationship Management/ Vendor Management. TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP Outsourced Third Party Relationship Management/ Vendor Management TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP 1 Risk Management Guidance 2 3 Appendix J: 4 - Key Elements Third Party Management

Morgan Stanley. Policy for the Management of Third Party Residential Mortgage Servicing Providers

Morgan Stanley. Policy for the Management of Third Party Residential Mortgage Servicing Providers Morgan Stanley Policy for the Management of Third Party Residential Mortgage Servicing Providers Title Policy for the Management of Third Party Residential Mortgage Servicing Providers Effective Date Owner

Regulatory Compliance - What You Need to Know. John Zasada Principal CliftonLarsonAllen 218 790 1086 John.zasada@claconnect.com

Regulatory Compliance - What You Need to Know. John Zasada Principal CliftonLarsonAllen 218 790 1086 John.zasada@claconnect.com Regulatory Compliance - What You Need to Know John Zasada Principal CliftonLarsonAllen 218 790 1086 John.zasada@claconnect.com Compliance Risk Defense or move forward It exists for all FIs Identify, rank,

Outsourcing Technology Services A Management Decision

Outsourcing Technology Services A Management Decision Outsourcing Technology Services A Management Decision A Telephone Seminar for National Banks Tuesday, July 20, 2004 And again on Wednesday, July 21, 2004 Agenda Outsourcing activities and relationships

Vendor Risk Management Financial Organizations

Vendor Risk Management Financial Organizations Webinar Series Vendor Risk Management Financial Organizations Bob Justus Chief Security Officer Allgress Randy Potts Managing Consultant FishNet Security Bob Justus Chief Security Officer, Allgress Current

Preparing for the Outsourcing Challenge: Legal Due Diligence to Ensure a Winning Service Provider Relationship

Preparing for the Outsourcing Challenge: Legal Due Diligence to Ensure a Winning Service Provider Relationship THE 4 TH NATIONAL CONFERENCE ON OUTSOURCING IN FINANCIAL SERVICES NEGOTIATING, MANAGING & TERMINATING OUTSOURCING RELATIONSHIPS WHILE ENSURING REGULATORY COMPLIANCE Renaissance Mayflower, Washington, DC

ICBA Summary of FFIEC Cybersecurity Assessment Tool

ICBA Summary of FFIEC Cybersecurity Assessment Tool ICBA Summary of FFIEC Cybersecurity Assessment Tool July 2015 Contact: Jeremy Dalpiaz Assistant Vice President Cyber Security and Data Security Policy Jeremy.Dalpiaz@icba.org www.icba.org ICBA Summary

RISK MANAGEMENT UPDATE Lessons [To Be] Learned from Recent Enforcement Actions

RISK MANAGEMENT UPDATE Lessons [To Be] Learned from Recent Enforcement Actions RISK MANAGEMENT UPDATE Lessons [To Be] Learned from Recent Enforcement Actions Presented by: Dixie K. Hieb and Robb Schlimgen Davenport, Evans, Hurwitz & Smith, LLP www.dehs.com 2014 Davenport, Evans,

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial

CFPB Update: Regulatory and Enforcement Developments

CFPB Update: Regulatory and Enforcement Developments CFPB Update: Regulatory and Enforcement Developments December 16, 2014, 12:30 1:30 pm ET American Law Institute Webinar Jonathan L. Pompan Alexandra Megaris 1 Agenda Supervision and Examinations What is

Office of Inspector General

Office of Inspector General Audit Report OIG-14-034 Not Sufficiently Documented April 21, 2014 Office of Inspector General Department of the Treasury Contents Audit Report Background... 2 Results of Audit... 4 OCC Has Updated Guidance

Board of Directors and Management Oversight

Board of Directors and Management Oversight Board of Directors and Management Oversight Examination Procedures Examiners should request/ review records, discuss issues and questions with senior management. With respect to board and senior management

{Regulatory Compliance Update.} December 10, 2014

{Regulatory Compliance Update.} December 10, 2014 {Regulatory Compliance Update.} December 10, 2014 Presenter Elizabeth Snyder, CRCM, Regulatory Compliance Manager Elizabeth leads Plante Moran s regulatory compliance team. As a compliance specialist with

SHARED ASSESSMENTS PROGRAM STANDARD INFORMATION GATHERING (SIG) QUESTIONNAIRE 2014 MAPPING TO OCC GUIDANCE (2013-29) ON THIRD PARTY RELATIONSHIPS

SHARED ASSESSMENTS PROGRAM STANDARD INFORMATION GATHERING (SIG) QUESTIONNAIRE 2014 MAPPING TO OCC GUIDANCE (2013-29) ON THIRD PARTY RELATIONSHIPS SHARED ASSESSMENTS PROGRAM STANDARD INFORMATION GATHERING (SIG) QUESTIONNAIRE 2014 MAPPING TO OCC GUIDANCE (2013-29) ON THIRD PARTY RELATIONSHIPS An overview of how the Shared Assessments Program SIG 2014

Navigating Consumer Financial Protection Bureau ( CFPB ) Investigations and Enforcement Actions

Navigating Consumer Financial Protection Bureau ( CFPB ) Investigations and Enforcement Actions Navigating Consumer Financial Protection Bureau ( CFPB ) Investigations and Enforcement Actions Section of Antitrust Law 2013 Spring Meeting Wednesday, April 10, 2013 Jonathan L. Pompan Partner, Co-Chair

Vendor Management: Who the CFPB is Watching and Who They Are Expecting You to be Watching

Vendor Management: Who the CFPB is Watching and Who They Are Expecting You to be Watching Vendor Management: Who the CFPB is Watching and Who They Are Expecting You to be Watching John Barnes 713.210.7441 jbarnes@bakerdonelson.com Jessica Hinkie 713.210.7405 jhinkie@bakerdonelson.com Kat Statman

Bank Secrecy Act, Anti-Money Laundering, and Office of Foreign Assets Control

Bank Secrecy Act, Anti-Money Laundering, and Office of Foreign Assets Control Bank Secrecy Act, Anti-Money Laundering, and Office of Foreign Assets Control Overview The Bank Secrecy Act (BSA) was created in 1970 to assist in criminal, tax, and regulatory investigations. The Financial

Financial Crimes Enforcement Network

Financial Crimes Enforcement Network Financial Crimes Enforcement Network 1 Special Due Diligence Programs for Certain Foreign Accounts Special Due Diligence Programs for Certain Foreign Accounts An Assessment of the Final Rule Implementing

Title Insurance and Settlement Company Best Practices. American Land Title Association

Title Insurance and Settlement Company Best Practices. American Land Title Association Title Insurance and Settlement Company Best Practices American Land Title Association Current Forces at Work Dodd Frank Wall Street Reform & Consumer Protection Act of 2010 Established the Consumer Financial

Collections After Compliance. The Changing Landscape. An Experian Perspective

Collections After Compliance. The Changing Landscape. An Experian Perspective Collections After Compliance The Changing Landscape An Experian Perspective The current financial situation is a result of many factors, including the actions of both large and small financial institutions,

Are You Ready for the New Foreclosure Processing Regulations?

Are You Ready for the New Foreclosure Processing Regulations? Are You Ready for the New Foreclosure Processing Regulations? New regulator guidance provides banks servicing residential mortgages with expectations in effectively assessing foreclosure processing. The

Supervisory Highlights. Summer 2013

Supervisory Highlights. Summer 2013 Supervisory Highlights Summer 2013 Table of Contents 1. Introduction... 3 2. Supervisory Observations... 5 2.1 Compliance Management Systems... 5 2.2 Mortgage Servicing... 11 2.3 Fair Lending Provision

VII 4.1. VII. Unfair and Deceptive Practices Third Party Risk. Third Party Risk. Introduction. Background

VII 4.1. VII. Unfair and Deceptive Practices Third Party Risk. Third Party Risk. Introduction. Background Third Party Risk Introduction The board of directors and senior management of an insured depository institution (institution) are ultimately responsible for managing activities conducted through third-party

Vendor Management Compliance Top 10 Things Regulators Expect

Vendor Management Compliance Top 10 Things Regulators Expect Vendor Management Compliance Top 10 Things Regulators Expect Peter Davey, AAP VP & Director, Enterprise Payments, CapitalOne Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay

What We'll Cover. Assessing Risk. Common elements in risk assessments NCUA categories of risk Risk assessments required by law

What We'll Cover. Assessing Risk. Common elements in risk assessments NCUA categories of risk Risk assessments required by law Assessing Risk It's the Law What We'll Cover Common elements in risk assessments NCUA categories of risk Risk assessments required by law What to assess Factors to consider When to assess Resources to

The CFPB's 'UDAAPification' Of Consumer Protection Law

The CFPB's 'UDAAPification' Of Consumer Protection Law Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com The CFPB's 'UDAAPification' Of Consumer Protection

VIRGINIA ASSOCIATION OF COMMUNITY BANKS

VIRGINIA ASSOCIATION OF COMMUNITY BANKS VIRGINIA ASSOCIATION OF COMMUNITY BANKS Spring Internal Audit / Risk Seminar Presented by Lee G. Lester May 26, 2016 Regulatory Hot Topics > De-Risking > Marketplace Lending > Consumer protection initiatives

The Other Side of CFPB Compliance

The Other Side of CFPB Compliance The Other Side of CFPB Compliance Strengthening your compliance program via vendor management Legal Disclaimer This information is for the use of attendees only. Any distribution, reproduction, copying

Frequently Asked Questions: Identity Theft Red Flags and Address Discrepancies

Frequently Asked Questions: Identity Theft Red Flags and Address Discrepancies Frequently Asked Questions: Identity Theft Red Flags and Address Discrepancies The staff of the Board of Governors of the Federal Reserve System (FRB), Federal Deposit Insurance Corporation (FDIC), National

#socialmediarisk Social Media and Consumer Marketing for Financial Services Organizations

#socialmediarisk Social Media and Consumer Marketing for Financial Services Organizations #socialmediarisk Social Media and Consumer Marketing for Financial Services Organizations Social media has created significant opportunities for organizations to connect with their customers and the overall

Vendor Management Best Practices

Vendor Management Best Practices Vendor Management Best Practices Presented by: Raji Sathappan, MBA, CRCM, CISA, CAMS FMS East Coast Regional Conference September 2015 Certified Public Accountants Consultants Wealth Management Technology

Designing an Operational Risk Program for a Community Bank Stephan Salvador Managing Director, Risk Management Consulting

Designing an Operational Risk Program for a Community Bank Stephan Salvador Managing Director, Risk Management Consulting Consulting and Professional Services Designing an Operational Risk Program for a Community Bank Stephan Salvador Managing Director, Risk Management Consulting Designing an Operational Risk Program for

Compliance Risk Management Survey A Point of View

Compliance Risk Management Survey A Point of View FINANCIAL SERVICES Compliance Risk Management Survey A Point of View July 2014 kpmg.com Compliance Risk Management Survey A Point of View 3 Introduction As the financial crisis unfolded, regulators looked

Importance of the Consumer Financial Protection Bureau

Importance of the Consumer Financial Protection Bureau Importance of the Consumer Financial Protection Bureau The aftermath of the financial crisis affected millions of Americans. The U.S. economy was devastated as companies crumbled, homeowners lost their

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL OFFICE OF FOREIGN ASSET CONTROL COMPLIANCE REVIEW Report #OIG-06-09 December 18, 2006 William A. DeSarno Inspector General Released By:

Keeping watch over your best business interests.

Keeping watch over your best business interests. Keeping watch over your best business interests. 0101010 1010101 0101010 1010101 IT Security Services Regulatory Compliance Services IT Audit Services Forensic Services Risk Management Services Attestation

OCC 98-3 OCC BULLETIN

OCC 98-3 OCC BULLETIN To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel

The very dangerous intersection of UDAAP and vendor mismanagement. By Martin J. Bishop

The very dangerous intersection of UDAAP and vendor mismanagement. By Martin J. Bishop The very dangerous intersection of UDAAP and vendor mismanagement By Martin J. Bishop (Martin J. Bishop is vice chair of the Litigation Department and co-chair of the Consumer Financial Services Practice

Takeaways From GE Capital's $225M Credit Card Settlement

Takeaways From GE Capital's $225M Credit Card Settlement Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Takeaways From GE Capital's $225M Credit Card Settlement

Cyber Security Auditing for Credit Unions. ACUIA Fall Meeting October 7-9, 2015

Cyber Security Auditing for Credit Unions. ACUIA Fall Meeting October 7-9, 2015 Cyber Security Auditing for Credit Unions ACUIA Fall Meeting October 7-9, 2015 Topics Introduction Cyber Security Auditing Program Discuss an effective and compliant Cyber Security Auditing Program from

Credit Union Liability with Third-Party Processors

Credit Union Liability with Third-Party Processors World Council of Credit Unions Annual Conference Credit Union Liability with Third-Party Processors Andrew (Andy) Poprawa CEO, Deposit Insurance Corporation of Ontario Canada 1 Credit Union Liability with

Cybersecurity Assessment

Cybersecurity Assessment Cybersecurity Assessment What Will the Regulators Be Looking For? Legal Counsel to the Financial Services Industry Digital Commerce & Payments Series Webinar March 18, 2015 1 Introduction & Overview Today

Regulatory Practice Letter December 2012 RPL 12-24

Regulatory Practice Letter December 2012 RPL 12-24 Regulatory Practice Letter December 2012 RPL 12-24 CFPB Nonbank Supervision - Larger Participants for Debt Collection and Credit Reporting Final Rules Executive Summary In February 2012, the Bureau of

CFPB Examination Procedures

CFPB Examination Procedures Commonly Known as Payday Lending These examination procedures apply to the short-term, small-dollar credit market, commonly known as payday lending. The procedures are comprised of modules covering a payday

LRES Corporation. Best Business Practices for an Appraisal Management Company

LRES Corporation. Best Business Practices for an Appraisal Management Company LRES Corporation Best Business Practices for an Appraisal Management Company [This document outlines the key principles and characteristics of an appraisal management company. The contents contained within

Background. FIN-2010-G001 Issued: March 5, 2010 Subject: Guidance on Obtaining and Retaining Beneficial Ownership Information

Background. FIN-2010-G001 Issued: March 5, 2010 Subject: Guidance on Obtaining and Retaining Beneficial Ownership Information Joint Release Financial Crimes Enforcement Network Board of Governors of the Federal Reserve System Federal Deposit Insurance Corporation National Credit Union Administration Office of the Comptroller
